Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-10945Path Traversal in Joomla !

CWE-22Path Traversal4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
81.1%
top 0.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Joomla !
Timeline
PublishedApr 10
Latest updateMay 14

Description

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDjoomla/joomla_!1.5.03.9.4

🔴Vulnerability Details

2
GHSA
GHSA-fg75-qw6g-52mj: An issue was discovered in Joomla! before 32022-05-14
CVEList
CVE-2019-10945: An issue was discovered in Joomla! before 32019-04-10

💥Exploits & PoCs

1
Exploit-DB
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion2019-04-16
CVE-2019-10945 — Path Traversal in Joomla ! | cvebase